To a point, this is correct. The OpenSSL vulnerability can only be exploited if someone has access to your database server. For these types of security reasons, many organizations place their database server behind a firewall, and rightfully so. However, application servers, which typically sit in a "De-militarized zone (DMZ)" area of the firewall, not only allow open access to the application server but also need a firewall hole poked to let the application server connect to the database. Depending on your level of security and your network configuration, it is possible for someone in the outside world to be able to exploit this security hole. For that reason, I make the appropriate security fixes for the database even if the database is inside the company's firewall.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.